- How To Change Apache Default Port To A Custom Port In Linux
- Why do we need to change the Apache2 default port?
- Change Apache default port to a custom port
- Linux Port numbers
- Q. What is a port?
- Q. What is hardware port?
- Q. What is a socket?
- Q. What is the range of ports or how many ports are there?
- Q. Why port numbers are just 65536?
- Q. What are the well-known ports or assigned ports or default ports?
- Q. What do you mean by default port?
- Q. Can we change default port for a service(example Apache, squid)?
- Q. What are the protocol numbers for TCP and UDP?
- Q. Is there any way I can see all the port information in Linux?
- Q. How can I see open ports in Linux?
- Well known ports
- Surendra Anne
- Latest posts by Surendra Anne (see all)
How To Change Apache Default Port To A Custom Port In Linux
Keeping the Linux server secure is the vital duty of a system administrator. While there are many ways to make sure your server is as secure as possible, there are a few basic steps you must do first. One of them is to change the default ports of frequently used services to custom ports. Here, we will be seeing how to change the defaults ports of Apache, FTP and SSH to something different which is hard to guess. Let us break down this topic in three small parts. In the first part, we are going to see how to change Apache default port to a custom port on Linux.
Why do we need to change the Apache2 default port?
Before get to the topic, you might ask changing port will increase the security? To be honest, No, it won’t secure your system completely. Changing the default port alone doesn’t provide any serious security defense. There are many port scanners which will find out which port you’re using eventually. But you can, at least, protect your servers from any amateur attacks, and also you can reduce the number of attacks. That’s why we need to change the default ports.
Change Apache default port to a custom port
1. Change Apache port on Debian/Ubuntu
Edit /etc/apache2/ports.conf file:
$ sudo vi /etc/apache2/ports.conf
And change it to a random number of your choice, for example 8090 .
This entry make the server to accept connections on port 8090 on all interfaces. To make the server accept connections on port 8090 for a specific interface, just include the corresponding network interface’s IP address as shown below.
This will be helpful if your server has multiple IP addresses or network interfaces.
Additionally, in Ubuntu and Debian, you also have to change the port number in / etc/apache2/sites-enabled/000-default.conf file too.
$ sudo vi /etc/apache2/sites-enabled/000-default.conf
Find the following line and change the port number.
Then, restart Apache service to take effect the changes.
$ sudo systemctl restart apache2
Now let us verify the port settings:
$ sudo netstat -tulpn | grep :8090
Sample output:
tcp6 0 0 . 8090 . * LISTEN 4066/apache2
Then, open your web browser and navigate to URL: http://IP-address:8090.
You should see the following screen:
Next we will see how to change Apache port in RHEL based systems.
2. Change Apache port on RHEL, CentOS, AlmaLinux, Rocky Linux
Make sure you have installed Apache webserver first.
Then, edit /etc/httpd/conf/httpd.conf file,
$ sudo vi /etc/httpd/conf/httpd.conf
And change it to a random number of your choice, for example 8090 .
This entry make the server to accept connections on port 8090 on all interfaces. To make the server accept connections on port 8090 for a specific interface, just include the corresponding network interface’s IP address as shown below.
This will be useful if your server has multiple IP addresses or network interfaces.
In RHEL/CentOS systems, make sure the new port number 8090 is not blocked by SELinux and Firewall.
$ sudo semanage port -a -t http_port_t -p tcp 8090
If semanage command is not found, install the following package on CentOS 7 / RHEL 8:
$ sudo yum install policycoreutils-python
$ sudo dnf install policycoreutils-python-utils
To allow port 8090 via firewall do the following steps.
In RHEL 7/8 and CentOS 7/8:
$ sudo firewall-cmd --permanent --add-port=8090/tcp
In RHEL 6 / CentOS 6:
$ sudo vi /etc/sysconfig/iptables
And add the new custom port line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8090 -j ACCEPT
Save and exit the file and restart iptables service.
$ sudo service iptables restart
Finally restart httpd service.
$ sudo systemctl restart httpd
On RHEL 6.x systems, restart httpd service using the following command:
$ sudo service httpd restart
Now verify the listening port using command:
Sample output:
● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d └─php-fpm.conf Active: active (running) since Mon 2020-02-10 17:08:21 IST; 1min 20s ago Docs: man:httpd.service(8) Main PID: 2126 (httpd) Status: "Running, listening on: port 8090" Tasks: 213 (limit: 11501) Memory: 24.3M CGroup: /system.slice/httpd.service ├─2126 /usr/sbin/httpd -DFOREGROUND ├─2127 /usr/sbin/httpd -DFOREGROUND ├─2128 /usr/sbin/httpd -DFOREGROUND ├─2129 /usr/sbin/httpd -DFOREGROUND └─2130 /usr/sbin/httpd -DFOREGROUND Feb 10 17:08:21 centos8.ostechnix.lan systemd[1]: Starting The Apache HTTP Server. Feb 10 17:08:21 centos8.ostechnix.lan systemd[1]: Started The Apache HTTP Server. Feb 10 17:08:21 centos8.ostechnix.lan httpd[2126]: Server configured, listening on: port 8090
Or using netstat command:
$ sudo netstat -tulpn | grep :8090
Sample output:
tcp6 0 0 . 8090 . * LISTEN 17636/httpd
If netstat command is not found, install the following package.
$ sudo yum install net-tools
Then, verify the Apache test page from the browser using URL: http://IP-address:8090.
You should see the following screen:
Congratulations! Apache default port has been changed.
Check the following link to know how to change FTP default port.
sk
Senthilkumar Palani (aka SK) is the Founder and Editor in chief of OSTechNix. He is a Linux/Unix enthusiast and FOSS supporter. He lives in Tamilnadu, India.
Linux Port numbers
This is bit important post on understanding the ports, their details and numbers.
Some FAQ related PORTS
Q. What is a port?
A port is piece of software which is used as docking point in your machine, where remote application can communicate. This is analogy to the physical ports for entering in to a country from different sea ports.
Q. What is hardware port?
This is a physical peripheral connecting point to a machine from a physical device.
Q. What is a socket?
Socket is combination of software Port and IP address.
Q. What is the range of ports or how many ports are there?
Port numbers can vary from 0 to 65535, so total we can get 65536 ports
Q. Why port numbers are just 65536?
This is because limitation in TCP/IP stack where the port number field is just 16bit size. So we get only 2^16(2 to the power of 16) ports which are equal to 65536 available ports
Q. What are the well-known ports or assigned ports or default ports?
Well known ports are from 0 to 1023(total 2^10=1024 ports)
Q. What do you mean by default port?
Default port is a designated port for particular well-known service such as web server, mail server, ftp server etc. By default FTP uses 21 port, DNS uses 53 and Apache uses 80 port.
Q. Can we change default port for a service(example Apache, squid)?
Yes, we can change. In Apache and DNS we can change this using listen configuration entry in httpd.conf and named.conf. Squid have port entry in it’s squid.conf file to mention port number.
Q. What are the protocol numbers for TCP and UDP?
Do not confuse this one with port numbers. TCP and UDP have their own numbers in TCP/IP stack.
TCP protocol number: 6
UDP protocol number: 17
Q. Is there any way I can see all the port information in Linux?
Yes, you can get that from /etc/services files.
Q. How can I see open ports in Linux?
Well known ports
20 – FTP Data (For transferring FTP data)
21 – FTP Control (For starting FTP connection)
22 – SSH (For secure remote administration which uses SSL to encrypt the transmission)
23 – Telnet (For insecure remote administration)
25 – SMTP (Mail Transfer Agent for e-mail server such as SEND mail)
53 – DNS (Special service which uses both TCP and UDP)
69 – TFTP (Trivial file transfer protocol uses udp protocol for connection less transmission of data)
80 – HTTP/WWW(Apache)
88 – Kerberos
110 – POP3 (Mail delivery Agent)
123 – NTP (Network time protocol used for time syncing uses UDP protocol)
137 – NetBIOS (nmbd)
139 – SMB-Samba (smbd)
161 – SNMP (For network monitoring)
389 – LDAP (For centralized administration)
443 – HTTPS (HTTP+SSL for secure web access)
514 – Syslogd (udp port)
636 – ldaps (both ctp and udp)
989 – FTPS-data
2049 – NFS (nfsd, rpc.nfsd, rpc, portmap)
2401 – CVS server
3306 – MySql
6000-6063-X11
Note 1: If protocol(TCP or UDP) is not mention then the above port are solely for TCP. Some service use UDP as mention in above list.
Note 2: X11 use 6000 to 6063.. ports for connecting X11 from remote server.
Surendra Anne
Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney . You can contact him at surendra (@) linuxnix dot com.
Latest posts by Surendra Anne (see all)
- Docker: How to copy files to/from docker container — June 30, 2020
- Anisble: ERROR! unexpected parameter type in action: Fix — June 29, 2020
- FREE: JOIN OUR DEVOPS TELEGRAM GROUPS — August 2, 2019
- Review: Whizlabs Practice Tests for AWS Certified Solutions Architect Professional (CSAP) — August 27, 2018
- How to use ohai/chef-shell to get node attributes — July 19, 2018